Available Languages

Updated:May 19, 2017

Document ID:FN64219

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND
OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE
OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE
IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD
NOTICE AT ANY TIME.

Background

Cipher is an algorithm used to perform encryption or decryption in the SSH protocol. The CDE250 IPMI firmware versions 3.09 and earlier have weak cipher. The CDE250 system utilizes IPMI in order to monitor and manage the health of the system. This function is implemented with embedded IPMI firmware that runs within the Baseboard Management Controller (BMC) that resides on the motherboard. The new security enhancement in IPMI version 3.12 improves the cipher.

The SDT utility versions 2.112 and earlier directly access the BMC and do not validate the I2C bus availability. This possibly causes contention issues which could result in I2C bus hang. SDT version 2.113 addresses this particular issue.

Problem Symptoms

There is no error message for the weak cipher.

This symptom can be observed for the I2C hang issue:

Workaround/Solution

Cisco recommends that these steps be taken in order to update the IPMI for VDS-TV, VQE, and VDS-IS applications and the SDT utility for VDS-TV and VD-IS applications. This update needs to be done during a maintenance window.

Product ID

IPMI FW Version

Action

CDE250-K9

FW version = 3.12 or later (SDT v2.113 required)

Unit is good, no action required

CDE250-K9

FW version = 1.33 or 2.05 or 3.03, 3.06 or 3.09

Upgrade the IPMI FW

Determine the IPMI FW version (see the How to Identify Hardware Levels section). Note: The new IPMI FW requires SDT version 2.113.

If the IPMI version is not 3.12, update the IPMI FW to version 3.12 with the IPMI dedicated Ethernet port and web interface or a DOS boot stick with the IPMIUP.BAT (yafukcs -full X8DAH312.ima).

How To Identify Hardware Levels

The hardware information can be obtained either with a CLI command or a physical inspection of the chassis. The CLI command as shown in this screenshot must be used in order to determine the IPMI FW version.

Command Line

CDE Product ID Information

Visual Inspection

In order to identify the affected chassis, check the Product ID (PID) located on the right front corner of the top of the chassis.

This label is located on top right front corner of the chassis.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: